Amit Bareket is the Founder and CEO of Perimeter 81.
In recent months, individuals across the globe have shifted to a remote way of life, including working from home, virtual dating, drive-by birthday parties and now, even doctor’s appointments. The healthcare sector quickly implemented changes to provide a more remote experience to comply with social distancing regulations.
To decrease the number of face-to-face doctor’s appointments and adhere to social distancing limitations and regulations, the Department of Health and Human Services (HHS) announced they “will not impose penalties for noncompliance” with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.
The shift to virtual appointments has allowed different healthcare providers to implement some popular video communication applications including Zoom, Skype, WebEx, and GoToMeeting.
Telehealth visits can be a successful tool for remotely observing and treating patients with symptoms who are more comfortable and safe staying home. While telehealth has many benefits for patients, it comes with its challenges for healthcare providers – especially the traditional healthcare companies that did not have a telehealth program in place.
Similar to scaling an entire company remotely, implementing telehealth programs also takes time to establish, including installing the necessary technology, recruiting and training doctors about the best virtual practices and teaching the patient how best to use the platform.
Privacy risks are inherent to any digital process, including telehealth. With the sudden surge of telehealth visits, medical professionals, providers, IT teams and even patients need to think more about privacy, now in a virtual setting.
The healthcare industry’s hyper-sensitive regulations on record sharing present a problem for telehealth platforms. Sharing sensitive data over a virtual communications app creates an opportunity for hackers to access the conversation.
Cybercriminals can act as flies on the wall of vulnerable and privileged conversations between doctor and patient, since even seemingly secure systems may sometimes be easily breached and expose a trove of valuable patient information. Hospitals and healthcare providers need to double down on IT and cybersecurity to fight off potential privacy breaches.
HIPAA Solves Privacy Risks Paired with Secure Solutions
Healthcare has always been an attractive target for hackers trying to breach patients’ sensitive records. While medical data and records are some of the most delicate pieces of information out there, the healthcare industry has the right compliance regulations in place. HIPAA and other regulations have been around for years, but since the HHS weakened the previous compliance regulations, telehealth is now a more attractive target for hackers.
Now that the government has become more lenient with telehealth regulation rules, enforcing HIPAA with telehealth communication is the right move to provide better privacy for patients.
The Health Insurance Portability and Accountability Act (HIPAA) requires medical providers to adopt data security in order to protect their patients’ information from disclosure. The HIPAA encryption requirement initially sounds a bit confusing; however, it is simpler than it sounds. The HIPAA encryption requirements for transmission security state that covered entities should “implement a mechanism to encrypt PHI whenever deemed appropriate.”
In other words, the majority of healthcare organizations are required to be HIPAA compliant and each provider needs to have some level of security for PHI. Healthcare providers are required to encrypt their data unless they can justify why they can’t implement encryption and can provide an equal alternative.
Tasked with choosing the best way to store, access and back up electronic protected health information, many healthcare technology companies and providers are looking at cloud computing. They are adopting cloud-based Network as a Service technology as an alternative to traditional hardware-based solutions, as it offers scalability, affordability and increased compatibility with cloud storage environments. But remember, the security service you choose must be SOC 2 Type 2 and ISO 27001 compliant and have signed multiple HIPAA BAAs. With these checks in place, a Network as a Service solution can be highly effective for any organization’s HIPAA compliance needs.
Secure Telehealth for a Secure Future of Healthcare
As we are experiencing global social distancing, telehealth is quickly evolving, as is the way that it presents a remote option for healthcare services. However, potential privacy and security risks could decrease its value going forward.
Soon, we should begin seeing more government bodies authorize and create federal telehealth privacy and security protocols, which will help healthcare providers avoid risks to their patients and better show the numerous benefits telehealth has to offer. With the help of the government and the best privacy and security tools in place, telehealth will have the added security to fight off hackers and defend its security model.